Commits · 282d4a182ea6a7d2e6e0f6901d2bc1e75b49e52f · LMODroid / platform_packages_modules_Bluetooth

May 12, 2023

Fix multiple OOB bugs resulted from tx mtu in EATT · 282d4a18

Hui Peng authored 1 year ago

The tx mtu in EATT can be controlled by remote device. With malicious
mtu values, it is possible to trigger integer overflow and
OOB write at multiple places (see the bug below).

This fix enforces a max tx mtu in EATT.

Bug: 271335899
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31

282d4a18

May 10, 2023

Merge "Fix an OOB bug in bta_av_proc_meta_cmd" into tm-dev am: am: · 95545b56

Treehugger Robot authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22940765

Change-Id: I710fec3df81336f5c8863dbb600e1e79c6a12c81
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

95545b56

Merge "Fix an OOB bug in bta_av_proc_meta_cmd" into tm-dev am: · 4a1a9611

Treehugger Robot authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22940765

Change-Id: Ib3381da1f681834da0be152053e92a5944269f65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

4a1a9611

May 09, 2023
- Merge "Fix an OOB bug in bta_av_proc_meta_cmd" into tm-dev · 77089c95
  Treehugger Robot authored 1 year ago
  
  77089c95
May 07, 2023
- Merge "Fix 2 OOB bugs in LeAudioBroadcasterImpl::UpdateMetadata" into tm-qpr-dev · b52a8e43
  Hui Peng authored 1 year ago
  
  b52a8e43
May 06, 2023

Merge "Fix an OOB bug in parameters_response_parser" into tm-dev am: am: · 6032ec4d

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22948054

Change-Id: Ia18f2a3bf30dcba13e9e8a60596884019e3af094
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

6032ec4d

Merge "Fix an OOB bug in parameters_response_parser" into tm-dev am: · 922ca83e

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22948054

Change-Id: I06c0347f1edc9a229ed7b926a6b8aa1d7151eee6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

922ca83e

Merge "Fix an OOB bug in parameters_response_parser" into tm-dev · d2e98455
Hui Peng authored 1 year ago

d2e98455

May 05, 2023
- Merge "disable AT+ANDROID processing for wear" into tm-qpr-dev · 5cbbd48a
  Thomas Girardier authored 1 year ago
  
  5cbbd48a
- Fix 2 OOB bugs in LeAudioBroadcasterImpl::UpdateMetadata · 5f4fa4a0
  Hui Peng authored 1 year ago
  
  Bug: 275551881 Test: manual Ignore-AOSP-First: security Tag: #security Merged-In: I6172d11a9c745018ca40e2df8b0e70f4f9728fde Change-Id: I6172d11a9c745018ca40e2df8b0e70f4f9728fde
  5f4fa4a0
May 04, 2023

Merge "Import translations. DO NOT MERGE ANYWHERE" into tm-qpr-dev · e3875d07
Bill Yi authored 1 year ago

e3875d07

disable AT+ANDROID processing for wear · c487f626

Yuyang Huang authored 1 year ago

Test: manual
Bug: 275668166
(cherry picked from https://android-review.googlesource.com/q/commit:86461f427e8f13b08e89a31c6a707db48b9456b4)
Merged-In: Ifd2893abedcb181e67c1de8d6d6a8dfa38381696
Change-Id: Ifd2893abedcb181e67c1de8d6d6a8dfa38381696

c487f626

Merge "Import translations. DO NOT MERGE ANYWHERE" into tm-qpr-dev · 986b3f21
Treehugger Robot authored 1 year ago

986b3f21

Fix a type confusion bug in bta_av_setconfig_rej am: am: · 7e7984b6

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22900658

Change-Id: Ic72a3829a58ce64e055d61b6cb8721729ca336fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

7e7984b6

Fix a type confusion bug in bta_av_setconfig_rej am: · 1c2593d8

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22900658

Change-Id: I4d8458d008c180a0144496e358bcd5c7ca0a9058
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

1c2593d8

May 03, 2023

Fix an OOB bug in bta_av_proc_meta_cmd · aaf3fead

Hui Peng authored 1 year ago

Bug: 260726311
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: I199fdd0651ebc29f130ebb5f5fa07e13f22a7d37

aaf3fead

Import translations. DO NOT MERGE ANYWHERE · bf11e990

Bill Yi authored 1 year ago

Auto-generated-cl: translation import
Change-Id: Ifdbc24bbd792c81653d9bd15b0fb0170a685bfd0

bf11e990

Import translations. DO NOT MERGE ANYWHERE · 912dd2c6

Bill Yi authored 1 year ago

Auto-generated-cl: translation import
Change-Id: Ie46a37e7fba744e6a7f6f1aae983e41ebe1120ac

912dd2c6

Apr 30, 2023

Fix a type confusion bug in bta_av_setconfig_rej · bbd88e88

Hui Peng authored 1 year ago

tBTA_AV_CI_SETCONFIG is treated as tBTA_AV_STR_MSG
in bta_av_setconfig_rej, resulting OOB access.

Bug: 260230151
Test: manual
Ignore-AOSP-First: security
Tag: #security
Merged-In: I78a1ee50dea0113381e51f8521711d758dc759cf
Change-Id: I78a1ee50dea0113381e51f8521711d758dc759cf

bbd88e88

Apr 29, 2023

Fix an OOB bug in parameters_response_parser · b209c3df

Hui Peng authored 1 year ago

Bug: 266433017
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: I4a8959ac6e5980a6c6d20edcf103482b9916656a

b209c3df

Apr 26, 2023

Merge "Fix a potential OOB in... · 4cf0dd54

Hui Peng authored 1 year ago

Merge "Fix a potential OOB in BleAdvertiserVscHciInterfaceImpl::VendorSpecificEventCback" into tm-dev am: c2166e96 am: d9c7e9ac

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/20918444

Change-Id: Ief6055255b93583250a4352716b7a9703397dab8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

4cf0dd54

Merge "Fix an OOB write bug in gatt_process_notification" into tm-dev am: am: · 8634bac1

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22697261

Change-Id: I5eab2d0e5fe8c208a781afb7850686cf0285736f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

8634bac1

Merge "Fix an OOB bug in set_data" into tm-dev am: am: · 522a4f0f

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22696389

Change-Id: I1e320182f0e88065352593e5b6443fdbd3c54ab7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

522a4f0f

Merge "Fix an OOB bug in set_data" into tm-dev am: am: · 13bfe953

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22696394

Change-Id: Iba1fe3d24fe7961c645d69045e6bd14462e51178
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

13bfe953

Merge "Fix a potential OOB in... · d9c7e9ac

Hui Peng authored 1 year ago

Merge "Fix a potential OOB in BleAdvertiserVscHciInterfaceImpl::VendorSpecificEventCback" into tm-dev am: c2166e96

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/20918444

Change-Id: I5b1c3e5df0292e188cab8c710abfae3c212fe788
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

d9c7e9ac

Merge "Fix an OOB write bug in gatt_process_notification" into tm-dev am: · dc2eea31

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22697261

Change-Id: I659be20b850ae5ae04a88750098e9b2e467873a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

dc2eea31

Merge "Fix an OOB bug in set_data" into tm-dev am: · de28d04d

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22696389

Change-Id: Ia34bf0a351597361ba3663a0b54c8efeade47c86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

de28d04d

Merge "Fix an OOB bug in set_data" into tm-dev am: · 9435f9b0

Hui Peng authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22696394

Change-Id: If13ec5c92cdbb18fc5adca6697de1fbd05b18e7f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

9435f9b0

Apr 25, 2023

Merge "Fix a potential OOB in... · c2166e96

Hui Peng authored 1 year ago

Merge "Fix a potential OOB in BleAdvertiserVscHciInterfaceImpl::VendorSpecificEventCback" into tm-dev

c2166e96

Merge "Fix an OOB write bug in gatt_process_notification" into tm-dev · 68569357
Hui Peng authored 1 year ago

68569357
Merge "Fix an OOB bug in set_data" into tm-dev · 125cf1ea
Hui Peng authored 1 year ago

125cf1ea
Merge "Fix an OOB bug in set_data" into tm-dev · 8473c8c6
Hui Peng authored 1 year ago

8473c8c6

Merge "Fix a few OOB bugs in avrc_bld_get_folder_items_rsp" into tm-dev am:... · adcff0db

Treehugger Robot authored 1 year ago

Merge "Fix a few OOB bugs in avrc_bld_get_folder_items_rsp" into tm-dev am: 35b7a201 am: 579abb6a

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22605431

Change-Id: Ia83a62da1fb9ce8a6e24b8498979ef7ba73a4504
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

adcff0db

Merge "Fix a few OOB bugs in avrc_bld_get_folder_items_rsp" into tm-dev am: · 579abb6a

Treehugger Robot authored 1 year ago

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/22605431

Change-Id: I697456facafd7b447f50ab0a5b56cf4b823cf10a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

579abb6a

Merge "Fix a few OOB bugs in avrc_bld_get_folder_items_rsp" into tm-dev · 35b7a201
Treehugger Robot authored 1 year ago

35b7a201

Apr 19, 2023
- Merge "Import translations. DO NOT MERGE ANYWHERE" into tm-qpr-dev · af2a6dd8
  Treehugger Robot authored 1 year ago
  
  af2a6dd8
Apr 18, 2023

Fix an OOB bug in set_data · 58802164

Hui Peng authored 1 year ago

Plus move macros used in struct bt_oob_data_s
to bluetooth.h

Bug: 274722185
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: Ie12feb4090a1eb88f5c9e097546f55a076839fb0

58802164

Fix an OOB write bug in gatt_process_notification · fdaaa82d

Hui Peng authored 1 year ago

Bug: 276975913
Test: manual
Ignore-AOSP-First: security
Tag: security
Change-Id: I38353a573168e18f06b2b311e532a937044fd92f

fdaaa82d

Fix an OOB bug in set_data · 0592ed17

Hui Peng authored 1 year ago

Bug: 274722163
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: Ie4b30bbc19ba0bd191839af35880a4831d8005b1

0592ed17

Apr 17, 2023

Import translations. DO NOT MERGE ANYWHERE · cbb772b2

Bill Yi authored 1 year ago

Auto-generated-cl: translation import
Change-Id: Iac3cd146b3337e2456a758fb0cbbd19cf61cf861

cbb772b2